Email Fraud Protection Needs to be on the CISO’s Agenda

Posted by Brian Westnedge on

We recently attended a CISO Summit in Scottsdale, AZ, where I had the pleasure of delivering a keynote address on the topic of “Protecting the Email Channel, Your Customers and Your Brand”.

As part of my presentation, I noted that Return Path has analyzed the sending domains of the Fortune 500 and found that only 10% of those companies have adopted a DMARC record of any sort (much less a DMARC reject policy). Expanding our research to 1,000 top global brands, we found a similarly bleak situation, with only 11% DMARC record adoption overall. My informal survey of conference attendees tracked along the same lines, with only a few people in a crowded room raising their hands to indicate that their organization published DMARC records.

[Figures: percentage of mailboxes protected by DMARC in the USA, the UK, and globally]

Clearly, there is a vast area of opportunity for top brands to control what they can today with their sending identity, by implementing DMARC at the very least. DMARC should be considered table stakes: a must-have for any serious security-minded organization. What is sobering is that even if DMARC adoption increases 100% year over year in 2015, still fewer than 25% of global brands will support DMARC by the end of the year. From a geographical perspective, our data shows that North America “leads” in DMARC adoption, followed by EMEA, APAC and then Latin America bringing up the rear.

Even more concerning than these statistics is the fact that a detailed analysis of a comprehensive set of phishing attacks, published in Return Path’s recent Email Fraud Protection whitepaper, points out that most spoofing occurs on domains that are not directly owned by the brand, and for which DMARC protection is therefore not possible.

Detecting abuse for domains that are not under a brand’s control is indeed possible today, and since Return Path has the largest email data repository, we can accelerate the mitigation of these malicious attacks by providing real-time threat intelligence to reduce the impact of those broad-based threats.

Ready to take action against email fraud? Check out our white papers and guides on how to get started.



About Brian Westnedge

Brian is Senior Director of Client Services for Email Fraud Protection at Return Path, where his team supports our customers with strategy and implementation to keep malicious mail out of the inbox while protecting legitimate mail. He has been with Return Path for 12 years and has spent a majority of that time fighting email fraud and abuse and advocating on behalf of brands and consumers around the world. Connect with Brian @bwestnedge on Twitter.
